CRAIGSLIST ACCOUNT PHISHING SCAM

The message is not from Craigslist. It is a phishing scam designed to steal account information from Craigslist users. Those who follow the link will be taken to a bogus “login” webpage that can harvest their account credentials for the use of Internet scammers.

Example:

Subject: Important NOTICE: Registration Suspension

Important Craigslist Information

We recently have determined that different computers have logged into your account, and multiple password failures were present before the login. Therefore your account has been blocked. To avoid deletion of your Craigslist account please Sign In :
Click here to confirm your Craigslist account. [Link Removed]
Thanks,
Craigslist team

________________________________________

Copyright 2005-2010 Craigslist International Limited.

Detailed Analysis

This screenshot of the bogus login page shows how closely it resembles the genuine article.

This email, which purports to be from the popular online community and classified advertisements website Craigslist, warns the recipient that his or her Craigslist account has been blocked because of multiple failed login attempts from different computers. It claims that, unless the user signs in to confirm his or her account via a link in the message, the account will be deleted.

However, the message is not from Craigslist and the claim that the user’s account has been blocked is untrue. In fact, the email was sent by Internet criminals and is designed to steal Craigslist account information. Those who fall for the ruse and follow the link in the message will be taken to a bogus login webpage constructed to resemble the genuine Craigslist login. Given the rather bland and sparse appearance of Craigslist web pages, it is not at all difficult for scammers to duplicate them with a high degree of accuracy.

If a user is tricked into “logging on” to the bogus web page, his or her login details can then be easily collected by the criminals running the scam and subsequently used for their own nefarious purposes. Once the scammers have such login details, they are then able to access their victim’s real Craigslist account and conduct fraudulent activities in his or her name. Craigslist has warned members about such phishing scams via a prominent note on the site’s genuine login page. The note states:

WARNING: scammers may try to steal your username and password, by sending you an official-looking email with a link to a fake craigslist login page that looks like the page you’re on now, hoping you’ll type in your username and password. Look carefully at the web address near the top of your browser to make sure you are on the real craigslist login page,

The safest way to login is go to the craigslist homepage directly by typing in the web address, and then clicking on the ‘my account’ link.

Many phishing scams follow very similar tactics to those described above. It is very common for phishing scam emails to claim that an account with the targeted company or financial institution has been blocked due to an unexpected problem or suspected fraud. Such emails generally instruct recipients to follow a link to a bogus website that can steal their account login details and, in many cases, personal information such as credit card numbers, social security numbers, bank account details, and contact information.

When operating such scams, criminals may randomly distribute many thousands or even millions of identical phishing emails like the one above in the hope of netting victims. Many more experienced recipients will be aware of such scams and will not be fooled. Many others will not even have an account with the targeted service or institution and will thus ignore the message as a mistake or not applicable. However, a few may hold accounts with the targeted service and also be unaware of how such scams operate. These few are the criminals’ primary target. Even if only a handful of people fall for each scam operation, the scam will pay off handsomely for the criminals responsible.

Internet users should be very cautious of any email that claims that there is a problem with their account and that they must follow a link in the message to submit information and restore account access.
